Help me figure out W32 time issue(s) on domain

I'm getting all kinds of W32 errors on my servers and Domain Controllers...Something is not right.  IS there an easy way to just reconfigure PROPERLY so that I can put my mind at ease??  I am running a simple 2003 AD domain at a single site, with two domain controllers, about 12 member servers and maybe 200 workstations.  I just want EXPLICIT instructions (if possible) on what to do ont one or both DCs and what needs to be done on the member servers and/or XP clients, and if there's anything I can check in Group Policy Manager to see if something is configured wrong right now.  Thanks for your help in advance.
tenoverAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
Tigermatt has a great blog entry on time

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

The key is that all your machines be within a 5 minutes (Kerberos requirement).  You can use group policy but you don't really need to use them.  

You just let all machines sync from the PDC emulator in the forest root.

Thanks

Mike
0
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
While specific to Hyper-V and VMs, this post will do the trick:
http://blog.mpecsinc.ca/2010/01/sbs-2008-physical-and-hyper-v-set-up.html

Philip
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sfossupportCommented:
First find the machine that has the pdcemulator role that is responsible for time on your domain. Open AD user and computers, highlight domain and view Operations master. Check where the pdc role is.

Go to the pdc and run

  net time /setsntp:ntpserver where ntpserver is one of the following:

http://tf.nist.gov/tf-cgi/servers.cgi


0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

thabashCommented:
crate a batch file
and poet this command
net time \\timesrv /set /yes

where timeserv is your DC which having the 5 rules
save the file .bat
and run it in all workstations and other servers
ior you can make a logon script

in this way you guarantee that all workstations are getting frim the same source


more details here
http://support.microsoft.com/kb/314090

0
tenoverAuthor Commented:
I ran the following on my PDC Emulator:  net time /setsntp:nist1-sj.ustiming.org

All my servers are Windows 2003 servers.  Would I be better off following the article posted above and running the following on the PDC Emulator:

    * w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual /reliable:yes
    * w32tm /config /update
    * net stop w32time && net start w32time
    * w32tm /resync /rediscover


And then this on the 2nd domain controller:
    *  w32tm /config /syncfromflags:domhier /reliable:no
    * w32tm /config /update
    * net stop w32time && net start w32time
    * w32tm /resync /rediscover


And then this on each Member Server:
    *  w32tm /config /syncfromflags:domhier
    * w32tm /config /update
    * net stop w32time && net start w32time
    * w32tm /resync /rediscover


Anxiously awaiting your advice.  Also, anything need to be done on the XP clients via Group Policy?
0
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
check your client machines:
 w32tm /query /source

Philip
0
tenoverAuthor Commented:
On my workstation, a ":49am net time" command shows me:
Current time on DC1 is 04/12/2010 8:49AM (this is the PDC Emulator)

If I do a W32tm /query /source from my workstation, I get:
DC2.mydomain.com

So...What's going on here?  Is there a way to check how and why I'm getting time from DC2 instead of DC1?
0
tenoverAuthor Commented:
Ooops, sorry.  That firs line should have read:  
"On my workstation, a "net time" command shows me:

0
tenoverAuthor Commented:
I have followed the first two steps in the article and done them on the PDC Emulator as well as the second DC.  When I run w32tm /query /source from either DC it says that "The command /query is unknown", and after doing a w32tm /resync /rediscover on my workstation, I still see that I am grabbing time from DC2.  Please help, as I think this is causing quite a few network issues right now.  Thanks.
0
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
The /reliable:yes sets that DC as the time source for the domain.

Any other DCs that have /reliable:no sets the DC time to update from PDCe but not deliver any updates to clients.

More specific links for the w32tm service on 2003:
http://blogs.technet.com/industry_insiders/pages/w32-tm-service.aspx
and:
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

Philip
0
tenoverAuthor Commented:
Got that, thanks.  So from any given workstation, if I do a w32tm /query /source, it *could* show either DC as the source, correct?  Because even after following that article and setting the PDC to reliable:yes and the 2nd DC as "reliable:no, restarting the services and resyncing, I still get DC2 when I do a w32tm /query /source from my workstation.
0
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
GP refresh on the workstations takes anywhere up to 90 minutes to happen. The changes may not show.

gpupdate /force on the workstation may take care of that.

Philip
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.